Newer
Older
From 88409082a4cbf27b308c76c148270ee72fdcb503 Mon Sep 17 00:00:00 2001
From: Riza Sulistyo <riza@teluu.com>
Date: Wed, 17 Jan 2018 11:30:52 +0000
Subject: [PATCH] r5727 svn backport sip_msg: Prevent crash on header without
vptr
Re #2059 (misc): Prevent corrupt header from causing a crash when printed.
Thanks to George Joseph for the patch.
Occasionally a header with no vptr gets into the list of header. This
causes a crash when printing them. We still need to figure out how
the header got there but this patch at least prevents the crash by checking
for a non-NULL vptr before attempting to call its print function.
---
pjsip/src/pjsip/sip_msg.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/pjsip/src/pjsip/sip_msg.c b/pjsip/src/pjsip/sip_msg.c
index a13f80e..8819dd9 100644
--- a/pjsip/src/pjsip/sip_msg.c
+++ b/pjsip/src/pjsip/sip_msg.c
@@ -26,6 +26,7 @@
#include <pj/string.h>
#include <pj/pool.h>
#include <pj/assert.h>
+#include <pj/log.h>
#include <pjlib-util/string.h>
PJ_DEF_DATA(const pjsip_method) pjsip_invite_method =
@@ -461,8 +462,13 @@ PJ_DEF(pj_ssize_t) pjsip_msg_print( const pjsip_msg *msg,
/* Print each of the headers. */
for (hdr=msg->hdr.next; hdr!=&msg->hdr; hdr=hdr->next) {
len = pjsip_hdr_print_on(hdr, p, end-p);
- if (len < 0)
- return -1;
+ if (len < 0) {
+ if (len == -2) {
+ PJ_LOG(5, ("sip_msg", "Header with no vptr encountered!! "\
+ "Current buffer: %.*s", (int)(p-buf), buf));
+ }
+ return len;
+ }
if (len > 0) {
p += len;
@@ -578,6 +584,7 @@ PJ_DEF(void*) pjsip_hdr_shallow_clone( pj_pool_t *pool, const void *hdr_ptr )
PJ_DEF(int) pjsip_hdr_print_on( void *hdr_ptr, char *buf, pj_size_t len)
{
pjsip_hdr *hdr = (pjsip_hdr*) hdr_ptr;
+ PJ_ASSERT_RETURN(hdr->vptr, -2);
return (*hdr->vptr->print_on)(hdr_ptr, buf, len);
}
--
2.7.4